{"id":28354,"date":"2020-03-10T16:00:00","date_gmt":"2020-03-10T20:00:00","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=28354"},"modified":"2021-09-24T16:20:23","modified_gmt":"2021-09-24T20:20:23","slug":"lets-encrypt-vulnerability","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2020\/03\/10\/lets-encrypt-vulnerability\/","title":{"rendered":"Let&rsquo;s Encrypt Vulnerability"},"content":{"rendered":"<p><a href=\"https:\/\/arstechnica.com\/information-technology\/2020\/03\/lets-encrypt-revoking-https-certs-due-to-certificate-authority-bug\/\">Jim Salter<\/a> (via <a href=\"https:\/\/www.schneier.com\/blog\/archives\/2020\/03\/lets_encrypt_vu.html\">Bruce Schneier<\/a>):<\/p>\n<blockquote cite=\"https:\/\/arstechnica.com\/information-technology\/2020\/03\/lets-encrypt-revoking-https-certs-due-to-certificate-authority-bug\/\"><p>On Leap Day, Let&rsquo;s Encrypt <a href=\"https:\/\/community.letsencrypt.org\/t\/2020-02-29-caa-rechecking-bug\/114591\">announced<\/a> that it had discovered a bug in its <a href=\"https:\/\/en.wikipedia.org\/wiki\/DNS_Certification_Authority_Authorization\">CAA<\/a> (Certification Authority Authorization) code.<\/p><p>The bug opens up a window of time in which a certificate might be issued even if a CAA record in that domain&rsquo;s DNS should prohibit it. As a result, Let&rsquo;s Encrypt is erring on the side of security and safety rather than convenience and revoking any currently issued certificates it can&rsquo;t be certain are legitimate[&#8230;]<\/p><\/blockquote>\n\n<p>See also: <a href=\"https:\/\/community.letsencrypt.org\/t\/2020-02-29-caa-rechecking-bug\/114591\">Let&rsquo;s Encrypt<\/a>.<\/p>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2020\/02\/24\/safari-to-reject-https-certificates-longer-than-a-year\/\">Safari to Reject HTTPS Certificates Longer Than a Year<\/a><\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>Jim Salter (via Bruce Schneier): On Leap Day, Let&rsquo;s Encrypt announced that it had discovered a bug in its CAA (Certification Authority Authorization) code.The bug opens up a window of time in which a certificate might be issued even if a CAA record in that domain&rsquo;s DNS should prohibit it. As a result, Let&rsquo;s Encrypt [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2021-09-24T20:20:26Z","apple_news_api_id":"4c9018d1-421f-40cf-acd9-b2b673534150","apple_news_api_modified_at":"2021-09-24T20:20:27Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/ATJAY0UIfQM-s2bK2c1NBUA","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[131,2120,48,581,96],"class_list":["post-28354","post","type-post","status-publish","format-standard","hentry","category-technology","tag-bug","tag-lets-encrypt","tag-security","tag-ssltls","tag-web"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/28354","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=28354"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/28354\/revisions"}],"predecessor-version":[{"id":28355,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/28354\/revisions\/28355"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=28354"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=28354"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=28354"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}